4 sneaky online shopping scams and how to avoid them

Online shopping scams are getting more convincing and harder to spot. But there are tell-tale signs to look out for when establishing whether a retailer is legit or not.

Online shopping scams are on the rise, with emerging technologies and changing habits making it increasingly difficult to know who to trust online. And according to figures from the Federal Trade Commission in the United States, shopping fraud increased by 90% between 2019 and 2022.

This increase in online shopping scams should come as no surprise, though. Ecommerce was already a huge contributor to the global economy before Covid-19, accounting for $3.35tn of global sales, and making it a prime target for cyber criminals. But the pandemic saw year-on-year growth more than double, from 12% to 27%.

And it wasn’t just the market size that changed. We also became less loyal. Research from McKinsey & Company revealed that brand loyalty was decimated during the pandemic, with 40% of consumers saying that they switched brands during this period. This raises serious concerns when it comes to online fraud, with 69% of consumers feeling that they don’t know who to trust online.

However, by using a trusted online protection app to automatically spot online shopping scams, and by following the advice of F‑Secure’s team of cyber security experts, you can increase your levels of trust, and greatly reduce the risks when you shop online.

1. Don’t click on declined payment links

Online shopping scams that arrive via email tend to spike at certain times of the year, such as Amazon Prime Day (July), Black Friday (November) and the holiday season (late November to early January).

One of the most common shopping-related phishing attacks is a fake message informing the recipient that a payment has been declined. These scams will often target Amazon, and thanks to the increasing use of generative AI by cyber criminals, they are getting harder to spot.

“You have probably seen some phishing email or SMS where you could instantly detect the attack, because of a grammatical or spelling mistake,” explains Abdullah Al Mazed, Senior Technical Product Manager at F‑Secure. “Sadly, thanks to developments in the world of large language models (LLMs), those days will be a thing of the past. ChatGPT demonstrates how far natural language processing (NLP) has already gone, and how easy it is to write a very convincing mail or blog post with a simple prompt and a handful of keywords.”

If you receive an email that claims a payment has been declined, never click the link in the email. Instead, log in to the retailer’s site via the official URL, and then check the payment status in your account settings.

2. Avoid free offers

Online shopping doesn’t always require a physical product at the end of the process. And buying digital assets is becoming more commonplace, whether that’s movies, audio files, or digital assets within video games (such as skins, weapons, and themes).

The rise in popularity of free-to-play (F2P) games such as Apex Legends, Fortnite and Roblox has led to an increase in the number of online shopping scams targeting gamers, which advertise free offers for assets you would usually pay for.

“According to Statista, there are an estimated one billion online gamers worldwide. This number of users is projected to exceed 1.3 billion in the year 2025,” said Maria Patricia Revilla-Dacuno, Senior Threat Researcher at F‑Secure. “With this growing number of users, we can expect that cyber criminals will continue to target these platforms for scams and phishing.”

To avoid phishing scams targeting online video games, it’s best not to click on offers for free content. For example, phishing scams targeting Roblox users employ YouTube videos to promote fake offers for free Robux (in-game currency), with a link leading to phishing sites where scammers harvest login details. These scams can also appear within games, with cyber criminals hijacking compromised Roblox accounts to share phishing links via Roblox User Advertisements (the Roblox in-game messaging system).

3. Be wary of new online shops

As we highlighted above, online shoppers are becoming increasingly promiscuous when it comes to brand loyalty, and this means that the risk of falling victim to a cyber scam also increases, as we purchase more products sold by unknown brands.

“If you are visiting an online shop that was established recently, or it is your first time making a purchase on this particular store, be extra cautious,” warned Fennel Aurora, Product Management Community Lead at F‑Secure. “Creating new web stores, including fake ones, is getting easier and can be done in a few hours, especially with the aid of AI.”

To reduce the risk of purchasing from a fake shop, look out for warning cues by reading up on the company behind the store, checking where it is located, and reviewing its WHOIS registration. If the company does not provide details about itself, does not exist in official governmental registrars, or has a domain created in the past few months, then it is best to err on the side of caution.
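
The WHOIS check described above can be automated. The following is an added example, not code from F‑Secure: it reads the creation date out of raw WHOIS text and flags domains registered recently. The sample records are constructed, and the 180-day cut-off is an assumption standing in for "the past few months".

```python
import re
from datetime import date, datetime

# Registries label the creation date differently; these are common variants.
CREATION_LABELS = {"creation date", "created", "created on", "registered on"}
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%S", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d-%b-%Y")
RECENT_DAYS = 180  # assumption: our reading of "the past few months"

# Constructed sample records (not real domains).
SAMPLE_NEW = """Domain Name: SHOP-EXAMPLE.TEST
Registrar: Example Registrar
Creation Date: 2024-09-20T08:15:42Z
Registry Expiry Date: 2025-09-20T08:15:42Z
"""
SAMPLE_UK_STYLE = "Domain name: old-shop.example\n    Registered on: 02-Mar-2011\n"
SAMPLE_REDACTED = "Domain Name: HIDDEN.TEST\nRegistrar: Example Registrar\n"

def parse_creation_date(whois_text):
    """Return the earliest creation date found in raw WHOIS text, or None."""
    found = []
    for line in whois_text.splitlines():
        label, sep, value = line.partition(":")
        if not sep or label.strip().lower() not in CREATION_LABELS:
            continue
        # Strip fractional seconds and a UTC offset, but only after a time,
        # so a trailing year such as "-2011" is left alone. Ignoring the
        # offset is harmless at day-level precision.
        value = re.sub(r"(?<=\d{2}:\d{2}:\d{2})(\.\d+)?(Z|[+-]\d{2}:?\d{2})?$",
                       "", value.strip())
        for fmt in DATE_FORMATS:
            try:
                found.append(datetime.strptime(value, fmt).date())
                break
            except ValueError:
                continue
    return min(found) if found else None

def assess_domain_age(whois_text, today):
    """Classify a WHOIS record as 'recent', 'established' or 'unknown'."""
    created = parse_creation_date(whois_text)
    if created is None:
        # No usable date: treat as unverified rather than as safe.
        return {"created": None, "age_days": None, "verdict": "unknown"}
    age = (today - created).days
    verdict = "recent" if age < RECENT_DAYS else "established"
    return {"created": created, "age_days": age, "verdict": verdict}

if __name__ == "__main__":
    for record in (SAMPLE_NEW, SAMPLE_UK_STYLE, SAMPLE_REDACTED):
        print(assess_domain_age(record, date(2024, 11, 25)))
```

An "established" verdict only says the domain is not new; the other checks in this section still apply.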

4. Don’t fall for social media scams

We’ve all seen them. An advert or special offer appears on your social media timeline advertising a too-good-to-be-true deal. Look closer, though, and you’ll often see the same tactics that phishing scammers employ elsewhere, such as exclusively positive comments from unverifiable sources.

“An ad on Facebook with good comments from users does not necessarily mean the shopping site is trustworthy,” said Abdullah Al Mazed, Senior Technical Product Manager. “Scammers can impersonate someone else to create a fake product ad. Better to do a little bit of research online if it’s a shop you are ordering from for the first time.”

If you see any shopping promotions on social media, it is always best to be cautious. Check comments from users and click on the names of commenters to see if they link to genuine profiles (only using a single name on platforms such as Facebook is a red flag).


Shop safely online with Total

F‑Secure’s Browsing protection (included in Total) enables you to evaluate the safety of web sites and prevents you from unintentionally accessing harmful URLs.

  • Quickly identify safe sites in your search results

  • Block harmful sites automatically

  • Get feedback on potentially harmful sites with safety ratings
